
RFIDs: Benefits & Challenges

Ling Liu College of Computing Georgia Tech


[Ari Juels, Usenix Security 2004]

Outline
RFID and Applications
What is it? How is it used? RFID applications

RFID Sensing and RFID Systems


RFID Anatomy, RFID Systems

RFID Privacy

Mobile Sensor Computing Systems: RFID and RFID Sensing

RFID Tags
Radio Frequency IDentification (RFID) Each tag has a unique ID. Anyone can read the ID through radio connection.

[Ari Juels, ajuels@rsasecurity.com RFID-Privacy Workshop at MIT 15 November 2003]

What is a Radio-Frequency Identification (RFID) tag?


In terms of appearance
Chip (IC) Substrate Die attach Antenna

What is an RFID tag?


You may own a few RFID tags
Proximity cards (contactless physical-access cards) ExxonMobil Speedpass EZ Pass

RFID in fact denotes a spectrum of devices:

Basic RFID Tag

EZ Pass

SpeedPass

Mobile phone

What is a basic RFID tag?


Characteristics:
Passive device: receives power from reader
Range of up to several meters
In effect a smart label: simply calls out its (unique) name and/or static data

[Figure: tags calling out "Plastic #3", "74AB8", "5F8KJ3"]

Read Range 915 MHz Tags

Mfgr | Type | Frequency | Read Range | Comments
Transponder Technologies Intellitag 500 | Passive | 915 MHz | 11 feet | "Read range up to 3.5m (11.48 ft) using unlicensed 915 MHz reader with one antenna; read range up to 7m (22.96 ft) with two antennas"
Telenexus | Passive | 915 MHz | 15 feet | Telenexus has developed a reader and antenna for the 915 MHz long-range RFID system...with a read range of over 15 feet. The tag is a low-cost passive transponder.
Alien | Passive | 915 MHz | 17 feet | The maximum free space read range of these emulator tags is 5 meters, consistent with the performance of other known UHF passive tags.
iPico | Passive | 915 MHz | 66 feet USA licensed; 20-26 feet USA unlicensed; 3-7 feet EU | Read range depends on reader configuration and tag enclosure. 30 W EIRP (USA site licensed): > 20m; 4 W EIRP (USA unlicensed): 6-8m; 500 mW ERP (Europe): 1-2m
Matrics/Savi | Passive | unspecified | 33 feet | The first product to come from the collaboration will be a handheld device that reads Matrics' passive EPC tags ... The unit will be able to read passive tags from up to 33 feet (10 meters) away

The capabilities of a basic RFID tag


Little memory
Static 64-to-128-bit identifier in current ultra-cheap generation (five cents / unit)
Hundreds of bits soon
Maybe writeable under good conditions

Little computational power
A few thousand gates
Static keys for read/write permission
No real cryptographic functions available

The grand vision:


RFID as next-generation barcode
Barcode: line-of-sight; specifies object type
RFID tag: radio contact; uniquely specifies object
Fast, automated scanning
Provides pointer to database entry for every object, i.e., unique, detailed history

Some applications
Better supply-chain visibility -- #1 compelling application
U.S. DHS: Passports U.S. FDA: Pharmaceuticals, anti-counterfeiting Libraries Housepets approx. 50 million

Parenting logistics
Water-park with tracking bracelet

RFID in Euro banknotes (?)

placed between layers of paper

Alien/RAFSEC S Tag in Bag

Tags can be sewn into clothing

Embedded in plastic

They can be integrated into paper

Inkodes chipless tag: Closeup of Inkode metal fibers embedded in paper

Soon these chips could appear on every Coke can


In answer to a question about whether Coca-Cola is REALLY interested in uniquely identifying a single can of Coke among billions, Michael [Okoroafor, in charge of technical solutions for Coca-Cola] replied with a resounding YES! - IDTechEx Magazine 2003

and on every pack of gum


Alien envisions [conductive] ink being mixed with regular packaging ink to create antennas on boxes of cereal and other disposable packaging

"With these things you could literally tag a pack of chewing gum." - Jacobsen, Alien Technology

Philips & RFID


We are market leader (nearly 1 billion products shipped) We intend to drive new RFID technologies and the integral ID market, together with key industry partners across the value chain

Key applications
Supply chain and logistics Production control Asset management Brand protection Automotive immobilization, gas & toll payments (near field) Livestock tracking Public transport and room access Library management Retail
Increase shoppers experience

Parenting logistics Water park uses RFID bracelets to track children

Consumer benefits
Saves lives e.g. tire safety Helps commuters on public transport Reduces road congestion Improves shopping experience Authenticates brands and prevents fraud Can prevent, deter and help solve theft of high-value goods All chips meet international standards such as ISO-15693, ISO 18000 and AIDCs EPC

Commercial applications
Smoother inventory tracking
Military supply logistics
Gulf War I: Placement of double orders to ensure arrival Gulf War II: RFID renders supply chain much more reliable

Procter & Gamble: Elimination of dock bottleneck -fast loading of pallets onto trucks Product recalls Anti-counterfeiting Maintaining shelf stocks in retail environments Gillette Mach3 razor blades Parenting logistics Water park uses RFID bracelets to track children

London Transport
One of the largest roll-outs of contactless smart cards worldwide
Fare collection across London's entire underground train and bus networks
A major step towards an integrated transport network for London
3 million cards during the first year of operation using Philips MIFARE technology

Toyota, South Africa


ICODE read/write tags enable production control of cars through to final assembly Both re-usable and disposable tags are used in the same installation Results: Stock reduced by 1 day Fitment and distribution planning greatly improved Required business information made available to distribution yards

From supply to retail METRO Group Future Store Initiative


The first broad, real life implementation of RFID technology in an European supermarket environment Goal is to improve customer service and increase supply chain efficiency in retailing METRO Group: We want to revolutionize the shopping experience for customers! Tagged products enable customers to simply swipe a CD or DVD to select a preview of the album or film they are considering purchasing

There is an impending explosion in RFID-tag use


Wal-Mart requiring top 100 suppliers to deploy RFID at pallet level from 2005 on
Gillette announced order of 500,000,000 RFID tags
Auto-ID Center at MIT
Wal-Mart, Gillette, Procter & Gamble, etc.
Spearheading EPC (electronic product code) data standard for tags
Developing cheap manufacturing techniques
Handing over standards to Uniform Code Council
Estimated costs
2005: $0.05 per tag; $100 per reader
2010: $0.01 per tag; several dollars per reader (?)
RFID realm sometimes called Extended Internet

There is an impending explosion in RFID-tag use


EPCglobal
Joint venture of UCC and EAN Wal-Mart, Gillette, Procter & Gamble, etc. Spearheading EPC (electronic product code) data standard for tags Putting finishing touches on basic-tag standard (Class 1 Gen 2) this week

Wal-Mart requiring top 100 suppliers to start deploying RFID in 2005 Other retailers and DoD following Wal-Mart lead Pallet and case tagging first -- item-level retail tagging seems years away Estimated costs
2005: $0.05 per tag; hundreds of dollars per reader 2008: $0.01 per tag; several dollars per reader (?)

A broader vision: Extended Internet

RFID Sensing and RFID Systems


Basic Elements of RFID systems RFID Application Developments

Elements of an RFID system

What is an RFID Reader?


(eg Savant)

Four main elements: Tags, Readers, Antennas, and Network Systems

RF system variables
1. Choice of operating frequency
2. Tag IC, tag antenna design
3. Reader, reader antenna design
4. Proximate materials
5. Sources of external interference

Major RFID markets by frequency

US, Canada 125KHz 13.56MHz 902-928MHz

EU Countries 125KHz 13.56MHz 868-870MHz

Japan 125KHz 13.56MHz 950-956MHz

RFID tags at different frequencies


125 KHz TI Philips Others 13.56 MHz Tagsys Philips TI Microchip Others 915 MHz Intermec SCS Matrics Alien Philips TI 2.4 GHz Intermec SCS Hitachi

Tag anatomy
Substrate Die attach Tag IC

Antenna

Tag block diagram


Antenna Power Supply Tx Modulator Rx Demodulator Tag Integrated Circuit (IC) Control Logic (Finite State machine) Memory Cells

What does a reader do?


Primary functions:
Remotely power tags Establish a bidirectional data link Inventory tags, filter results Communicate with networked server(s)

Reader anatomy
Digital Signal Processor (DSP)

Network Processor

Power Supply

915MHz Radio

13.56MHz Radio

Mobile, PDA, Scanner, ...

RFID System Architecture


[Figure: RFID system architecture. Components shown: RFID-Reader, other devices, Access Point, Firewall, Connector, Messaging-Server, Application Server, DB-Server, WebServer, Web-Client, Monitoring-Client, Reporting-Client, and a Connector to an External Information System.]

Vision
The RFID System Architecture is a highly complex system! RFID solution merges the virtual world of data with the real world of RFID-tagged assets

[Figure (Strassner: Automotive Study, 2004): layers of an RFID system.
Smart Tag (RFID) / Smart Product: ID, memory, sensors, processing unit, communication interfaces.
RFID Antenna / Reader: receiver (read), transmitter (write).
Controller / local server, application server and Internet, each linked by a communication ("comm.") channel.
Middleware: comm. mgt., data mgt., event mgt.; basic services: identification, notification, monitoring, tracking.
Applications and Services: ERP, CRM, SCM, Ebusiness, web services.]

Problems
How is it possible to ensure system quality and reliability? Design of RFID System Architecture
System Architecture, Integration of back-end and data capture

Management of RFID System Architecture


Roll out, Control, Maintenance

How is it possible to achieve an accurate virtual mapping of reality? Especially important in real-time systems Derivation of process performance figures At least starting point process improvements

Business Requirements (1/3)

Transformation of reader data into meaningful data
Tasks: Correction, Aggregation, Transformation, Storage

[Figure labels: Physical Object in a business process; Sensors and Actuators; Information Systems]

Business Requirements (2/3)


Integration Expertise
The case for integration the expected use of an Auto-ID System

The market for RFID system integration is far greater than the number of experienced RFID system integrators out there. [METAGroup 03]

Business requirements (3/3)


Management of complex RFID Infrastructure
Scope of RFID Infrastructure determined by
Selected applications
Inter/intra-organizational dependency
Local, regional, or global implementation
Level of system integration

Organizational Support
Supporting processes
Key Performance Indicators
Involves operations experts, quality manager, IT, vendors, customers, trading partners, technology partners, operational staff

Technical Support
Hardware deployment e.g. of huge quantities
Tagged object management
Software such as middleware, data applications
Data security
Risk of failure
System reliability
Facility management

[Figure: the RFID system architecture diagram again: Mobile, PDA, Scanner, ...; RFID-Reader; other devices; Access Point; Firewall; Connector; Messaging-Server; Application-Server; DB-Server; Web-Server; Web-Client; Monitoring-Client; Reporting-Client; Connector to External Information System]

RFID technologies
Standardization and industrial associations:
ISO, AIM (Association for Automatic Identification and Data Capture Technologies)

Applicability:
Originally destined to electrical labelling, tracking and access applications Applications with ultra short-range non-symmetrical communication between a reader (master) and a transponder (slave) Applications with very low cost and power consumption (even passive devices) Applications with a usage model called physical browsing

Technical features:
Many different commercial solutions based on several ISM bands, current mainstreams 125 kHz and 13.56 MHz Passive / active transponders Communication rate up to several hundreds of kilobits per second Communication range from a few millimeters to several tens of centimeters

Evolutions under preparation:


Long-range (up to several meters) RFID-technologies based on backscattering of the RF field (e.g. Palomar at VTT Information technology)

Vision: The Auto-ID Labs vision

Vision Summary
RFID solution merges the virtual world of data with the real world of RFID-tagged assets
by providing accurate, real-world, real-time data and information
solution enables companies to close the loop between capturing data, converting data to meaningful information, and automating all associated transactions and processes
businesses will create smarter, more responsive and more adaptive business processes to execute adaptive supply chain networks

Technology-driven Enterprise Transformation


http://www.sap.com/company/press/press.asp?pressID=2609

RFID Privacy

RFID System
Radio Frequency IDentification (RFID)
Each tag has a unique ID. Anyone can read the ID through radio connection.
VERY USEFUL FOR GOODS FLOW CONTROL

Our Concern
What if the tag is linked to your identity? What if someone is tracing the tag?
PRIVACY VIOLATION (BIG BROTHER PROBLEM)

RFID Privacy Problems


Leakage of personal belongings data
Leak data regarding belongings without awareness of user.
[Figure: an Adversary scans Consumers: "What do they have?"]

ID tracing
Monitor tag owner's activity.
[Figure: Adversary]

www.rapturechrist.com/666.htm

NEW Subdermal Biochip Implant for Cashless Transactions - is it the Mark?

The mark is a microchip assembly which will be implanted under the skin of the right hand. Later on, the mark will be implanted under the forehead, so people who have no right hand could also have the mark. The microchip assembly, called radio frequency identification (RFID) is already used in animals. In dogs, the RFID is placed between the shoulder blades, and in birds it is implanted under the wing. Now there is a one for humans called VeriChip.

www.spychips.com, www.stoprfid.com

Unlike a bar code, [an RFID tag] can be read from a distance, right through your clothes, wallet, backpack or purse -- without your knowledge or consent -- by anybody with the right reader device. In a way, it gives strangers x-ray vision powers to spy on you, to identify both you and the things you're wearing and carrying.

Technical Approaches to Enhancing RFID Privacy

For RFID, we can consider different and weakened adversarial assumptions


Adversary is not present 24 hours a day
Adversary must be physically close to tag to scan it

We can deploy security protocols on physical channels, not just logical ones
External, higher-capability devices can help protect tags

First approach [Juels, SCN 04]: Minimalist cryptography


Key observation: Adversary must have physical proximity to tag to interact with it
Key assumption: Adversary can query tag only limited number of times in given attack session

Example: Passive eavesdropping
Adversary only hears queries made by legitimate readers

Example: Building access
Adversary has limited time to query tags in parking lot before employees authenticate to door readers

Example: Readers scattered around city
Pedestrians within range of reader for limited time

Pseudonym rotation
Set of pseudonyms known only by trusted verifier
Pseudonyms stored on tag
Limited storage means at most, e.g., 10 pseudonyms
Tag cycles through pseudonyms
[Figure: tag pseudonyms "74AB8" = "MMW91"]

Strengthening the approach
Strengthen restriction on adversarial queries using throttling
Tag enforces pattern of query delays via, e.g., capacitor-discharge timing

Pseudonym refresh
Trusted reader provides new pseudonyms
Pseudonyms must be protected against eavesdropping and tampering using encryption, but tags cannot do standard cryptography!
Can load up tag with one-time pads: assuming adversary is not always present, some pads will be secret!

Not for retail items, which must include basic item information. Perhaps for prox. cards, tickets, etc.?
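The rotation, throttling and pad-based refresh described above, as an added sketch that is not code from the slides or from [Juels, SCN 04]. The class and function names, the 40-bit pseudonym size, the 30-second throttle and the one-query-per-second adversary are assumptions made for the illustration, and the refresh is simplified to a single batch of pads.

```python
import secrets

NAME_BYTES = 5  # assumption: 40-bit pseudonyms


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Tag:
    """Pseudonym-rotating tag: needs only a counter, a timer and XOR."""

    def __init__(self, names, pads, min_gap):
        self.names = list(names)   # limited storage: e.g. 10 pseudonyms
        self.pads = list(pads)     # one-time pads loaded at enrollment
        self.min_gap = min_gap     # throttle: seconds required between answers
        self.slot = 0
        self.last_answer = None

    def query(self, now):
        """Return the next pseudonym, or None while the throttle delay runs."""
        if self.last_answer is not None and now - self.last_answer < self.min_gap:
            return None
        self.last_answer = now
        name = self.names[self.slot]
        self.slot = (self.slot + 1) % len(self.names)
        return name

    def refresh(self, masked):
        """Unmask each new pseudonym with a pad, which is then discarded."""
        if not masked or len(masked) > len(self.pads):
            raise ValueError("no unused pads for this refresh")
        self.names = [xor(m, self.pads.pop(0)) for m in masked]
        self.slot = 0


class Verifier:
    """Trusted verifier: the only party able to map a pseudonym to a tag."""

    def __init__(self):
        self.owner = {}  # pseudonym -> tag identity
        self.pads = {}   # tag identity -> pads not yet used

    def enroll(self, tag_id, count=10, min_gap=30):
        names = [secrets.token_bytes(NAME_BYTES) for _ in range(count)]
        pads = [secrets.token_bytes(NAME_BYTES) for _ in range(count)]
        self.owner.update((n, tag_id) for n in names)
        self.pads[tag_id] = list(pads)
        return Tag(names, pads, min_gap)

    def identify(self, name):
        return self.owner.get(name)

    def refresh_message(self, tag_id):
        """Retire the old pseudonyms; return new ones masked with the pads."""
        self.owner = {n: t for n, t in self.owner.items() if t != tag_id}
        pads, self.pads[tag_id] = self.pads[tag_id], []
        fresh = [secrets.token_bytes(NAME_BYTES) for _ in pads]
        self.owner.update((n, tag_id) for n in fresh)
        return [xor(n, p) for n, p in zip(fresh, pads)]


def harvest(tag, start, seconds):
    """Adversary model: one query per second during a limited attack session."""
    seen = set()
    for now in range(start, start + seconds):
        name = tag.query(now)
        if name is not None:
            seen.add(name)
    return seen
```

With the throttle on, a 60-second session yields two of the ten pseudonyms, so the pseudonym the tag shows next is one the adversary has not collected; with `min_gap=0` the same session collects all ten.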

Second Approach [Juels, Rivest, & Szydlo CCS 03]:

The Blocker Tag

Blocker Tag
Blocker simulates all (billions of) possible tag serial numbers!!
1, 2, 3, ..., 2023 pairs of sneakers and ... (reading fails)

Tree-walking anti-collision protocol for RFID tags

[Figure: binary tree of tag serial-number prefixes walked by the reader]
?
0 1
00 01 10 11
000 001 010 011 100 101 110 111

In a nutshell
Tree-walking protocol for identifying tags recursively asks question:
What is your next bit?

Blocker tag always says both 0 and 1!
Makes it seem like all possible tags are present
Reader cannot figure out which tags are actually present
Number of possible tags is huge (at least a billion billion), so reader stalls

Two bottles of Merlot #458790

Blocker tag system should protect privacy but still avoid blocking unpurchased items

Consumer privacy + commercial security


Blocker tag can be selective:
Privacy zones: Only block certain ranges of RFID-tag serial numbers
Zone mobility: Allow shops to move items into privacy zone upon purchase

Example:
Tags might carry a privacy bit
Blocker blocks all identifiers with privacy bit on
Items in supermarket have privacy bit off
On checkout, leading bit is flipped from off to on
PIN required, as for kill operation

Blocking with privacy zones


[Figure: the tree of serial-number prefixes with one subtree marked "Privacy zone"]
0 1
00 01 10 11
000 001 010 011 100 101 110 111

Transfer to privacy zone on purchase of item
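The tree-walking protocol, the full and selective blocker, and a reader that declines to scan the privacy zone, as an added simulation (not code from the slides or from [Juels, Rivest, & Szydlo CCS 03]). The 16-bit identifiers, the query budget standing in for "the reader stalls", the function names and the sample IDs and PIN are assumptions constructed for the example.

```python
ID_BITS = 16  # assumption: short IDs so the demo runs fast (real tags: 64-128 bits)


def blocker_reply(prefix, zone):
    """Bits a blocker protecting `zone` broadcasts when the reader asks `prefix`."""
    if prefix.startswith(zone):
        return {"0", "1"}            # inside the zone: simulate every serial number
    if zone.startswith(prefix):
        return {zone[len(prefix)]}   # on the path that leads to the zone
    return set()                     # outside the zone: stay silent


def tree_walk(tags, blocker_zone=None, skip_zone=None, budget=5000):
    """Reader-side tree walk.

    Returns (ids the reader believes are present, queries made, stalled).
    blocker_zone: prefix protected by a blocker tag ("" blocks everything).
    skip_zone:    prefix a reader that honours the blocker does not descend into.
    """
    found, queries, stack = [], 0, [""]
    while stack:
        prefix = stack.pop()
        if skip_zone is not None and prefix.startswith(skip_zone):
            continue                 # reader leaves the privacy zone alone
        if len(prefix) == ID_BITS:
            found.append(prefix)     # a full serial number was singulated
            continue
        if queries >= budget:
            return found, queries, True
        queries += 1
        # "What is your next bit?" -> every tag matching the prefix answers
        replies = {t[len(prefix)] for t in tags if t.startswith(prefix)}
        if blocker_zone is not None:
            replies |= blocker_reply(prefix, blocker_zone)
        # a collision (both bits heard) makes the reader recurse into both branches
        stack.extend(prefix + bit for bit in sorted(replies, reverse=True))
    return found, queries, False


def checkout(tag_id, pin, store_pin):
    """Move an item into the privacy zone by turning its leading bit on."""
    if pin != store_pin:
        raise PermissionError("PIN required, as for the kill operation")
    return "1" + tag_id[1:]


if __name__ == "__main__":
    shelf = ["0000000000101010", "0011110000001111"]        # constructed IDs
    bought = checkout("0101010101010101", "4711", "4711")   # constructed PIN
    tags = shelf + [bought]
    print("no blocker:      ", tree_walk(tags)[0])
    print("blocker, scan all:", tree_walk(tags, blocker_zone="1")[2])
    print("blocker, skip zone:", tree_walk(tags, blocker_zone="1", skip_zone="1")[0])
```

Without a blocker the purchased item is read like any other; with the selective blocker a reader that walks into the zone exhausts its budget, while one that skips the zone still inventories the unpurchased shelf items.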

Polite blocking
We want reader to scan privacy zone when blocker is not present
Aim of blocker is to keep functionality active when desired by owner

But if reader attempts to scan when blocker is present, it will stall!
Polite blocking: Blocker informs reader of its presence
"Your humble servant requests that you not scan the privacy zone"

An Example: The RXA Pharmacy

RFID-tagged bottle + Blocker bag


Soft Blocking
[Juels and Brainard WPES 03]

Idea: Implement polite blocking only: no hardware blocking
A little like P3P

External audit possible: Can detect if readers scanning privacy zone

Advantages:
Soft blocker tag is an ordinary RFID tag
Flexible policy:
Opt-in now possible
e.g., Medical deblocker now possible

Weaker privacy, but can combine with hard blocker

Third approach: Personal Simulator or Proxy for RFID


Nokia mobile-phone RFID kit available in 2004
Readers will be compact, available in personal devices

We might imagine a simulation lifecycle:


1. Mobile phone acquires tag when in proximity
2. Mobile phone deactivates tags or imbues with changing pseudonyms
3. Mobile phone simulates tags to readers, enforcing user privacy policy
4. Mobile phone releases tags when tags about to exit range

Formal Security Requirement


Indistinguishability
The output from tag A cannot be distinguished from that from tag B.
The output from tag A at time T cannot be distinguished from that at time T'.

[Figure: Tag A and Tag B send outputs such as 5709136824, 1234567890 and 6123789035 to the Reader at different times]

Stronger Property
Forward Security
Once the secret in the tag is stolen, all past activities can be traced by searching past logs.
Forward security ensures that the latest memory in the tag does not give a hint to guess past outputs.
So the past activities can be protected from tampering.

[Figure: timeline of Tag A's outputs (output 2, output 3, output 4), followed by "Tampering!" that exposes the secret information]

Known Approaches (1/2)


ID Encryption (against personal belongings data leakage)
Hide ID by encryption so that only designated Reader can read it.

Re-encryption (against ID tracing)
Re-encrypt the encrypted IDs to vary the ciphertext from time to time.
[KHKFO03] Anonymous ID Scheme
[JP03] Re-encryption scheme
Costly encryption is done by on-line Reader.
But off-line schemes (that allow the tags to protect privacy by themselves) are more useful.

Known Approaches (2/2)


ID Randomization approach
Using Hash function that is much less costly than encryption.
Allows tag to protect ID without any help of Reader.
[WSRE03] using Randomized Hashing: Simple; No forward security
[This work] using Randomized Hash Chain: Simple; Forward secure!

Hash Functions
Functionality
One-way (Preimage-free): hard to guess the input from the output

SHA-1, MD5, ...

Existing Schemes Hardware Implementation


12KGates for SHA-1 while 165KGates for Elliptic Curve Enciphering
Security module should be < 2.5KGates to get a tag < 5 cents.
Currently, it is hard to meet the 2.5KGates boundary, but hash functions are much more promising than public-key encryption.

Known Approaches (2/2)


ID Randomization approach
Using Hash function that is much less costly than encryption.
Allows tag to protect ID without any help of Reader.
[WSRE03] using Randomized Hashing: Simple; No forward security
[OSK-NTT03] using Randomized Hash Chain: Simple; Forward secure!

[OSK-NTT03] Cryptographic Approach to Privacy-Friendly Tags

Cryptographic Approach to Privacy-Friendly Tags

Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita NTT Laboratories


Nippon Telegraph and Telephone Corporation 2003.11.15 RFID Privacy Workshop MIT

Contribution
Defined security requirements
Indistinguishability Forward security

Proposed scheme
Low-cost Security requirements are satisfied
Secret information is renewed using hash chain. Output of tag changes on every request and is random.

Future works
Reduce the computational cost of back-end server Low-cost hash function

Outline
1. Introduction (RFID System and RFID Privacy Problem)
2. Our Contribution
2.1. Stronger security model: indistinguishability, forward security
2.2. A new scheme providing stronger security: low-cost and forward secure based on hash chain
3. Conclusion


Proposed Scheme Tag Operation


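Tag
1. Receives a request from reader.
2. Calculates $a_i$ by applying hash function $G$ to $s_i$.
3. Calculates $s_{i+1}$ by applying hash function $H$ to $s_i$, and overwrites $s_i$ in memory.

$a_i = G(s_i), \qquad s_{i+1} = H(s_i)$

[Figure: the tag's memory holds $s_i$; $G$ produces the output $a_i$; $H$ produces $s_{i+1}$, which overwrites the memory]

$H$, $G$: one-way hash functions with different output distributions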

Proposed Scheme - Back-end


Back-end server

Server Operation
1. Receives $a_i$ (tag's output sent from reader) from reader.
2. For all ID, . . .
3. If the equation holds, identifies ID from database.

DB: entries (ID, $s_1$)
Identify ID through comparison with calculation result

Implementation Issues
Saving server's computation
Cache latest value $s_i$ so that the back-end server reduces calculation cost.
Apply efficient computing method for hash chain [Coppersmith and Jakobsson02][Sella03].
Our scheme allows parallel computation on the server-side.

RFID lifetime
Using FRAM (100 million times) instead of simple memory, for example EPROM and RAM (hundred thousand times).
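The tag operation, the back-end search and the caching of the latest state, as an added sketch that is not the authors' implementation. It relies on what the tag operation implies: since $a_i = G(s_i)$ and $s_{i+1} = H(s_i)$, the server can recompute candidate outputs by walking each stored chain forward from its stored state. SHA-256 with a prefix for $H$ and $G$, the 64-bit output, the `max_steps` bound, the class names and the seed values are assumptions.

```python
import hashlib
import hmac


def H(state):
    """State-update hash (assumption: SHA-256 with a domain-separation prefix)."""
    return hashlib.sha256(b"H|" + state).digest()


def G(state):
    """Output hash, truncated to 64 bits (assumption)."""
    return hashlib.sha256(b"G|" + state).digest()[:8]


class Tag:
    def __init__(self, s1):
        self.s = s1

    def respond(self):
        a = G(self.s)        # a_i = G(s_i)
        self.s = H(self.s)   # s_{i+1} = H(s_i) overwrites s_i
        return a


class BackEnd:
    def __init__(self, max_steps=64):
        self.state = {}              # ID -> cached chain state for that tag
        self.max_steps = max_steps   # how far ahead of the cache to search

    def register(self, tag_id, s1):
        self.state[tag_id] = s1

    def identify(self, a):
        """Walk every tag's chain forward until some G(s) equals the output."""
        for tag_id, s in self.state.items():
            for _ in range(self.max_steps):
                if hmac.compare_digest(G(s), a):
                    # Cache the next expected state: later look-ups start here,
                    # and outputs older than the cache are no longer matched.
                    self.state[tag_id] = H(s)
                    return tag_id
                s = H(s)
        return None


def linkable(stolen_state, logged_outputs, max_steps=64):
    """Logged outputs that someone holding `stolen_state` can tie to the tag."""
    reachable, s = set(), stolen_state
    for _ in range(max_steps):
        reachable.add(G(s))
        s = H(s)
    return [a for a in logged_outputs if a in reachable]


if __name__ == "__main__":
    seed = bytes.fromhex("22" * 16)            # constructed secret s_1
    tag = Tag(seed)
    past = [tag.respond() for _ in range(5)]   # outputs already in reader logs
    stolen = tag.s                             # tag memory read out by tampering
    future = [tag.respond() for _ in range(2)]
    print("past outputs linked:  ", len(linkable(stolen, past)))
    print("future outputs linked:", len(linkable(stolen, future)))
```

The stolen state links only outputs produced after the tampering, which is the forward-security property; the server's cost is a search over all registered IDs, which is why the slides list reducing back-end computation as future work.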

Application to Auto-ID System


Layout
EPC: Header (8 bits; Version) | EPC manager (28 bits; Manufacture code) | Object class (24 bits; Article classification) | Serial number (36 bits; Serial number)
Extended code of our scheme: Header | Back-end server | $a_i$

Operation
1. Reader sends an extended-EPC to the ONS server.
2. ONS server resolves address of back-end server and responds to reader.
3. Reader sends extended-EPC to back-end server.
4. Back-end server resolves extended-EPC to original EPC and returns it to reader.
5. Next, the basic protocol in our scheme is performed.

Conclusion
Defined security requirements
Indistinguishability Forward security

Proposed scheme
Low-cost Security requirements are satisfied
Secret information is renewed using hash chain. Output of tag changes on every request and is random.

Future works
Reduce the computational cost of back-end server Low-cost hash function

Summary
Define security requirements
Indistinguishability Forward security

Propose Low-cost scheme, meeting the two security requirements


Secret information is renewed using hash chain.
Output of tag changes on every request and is random.

Open issue for future work


Reduce the computational cost of back-end server Low-cost hash function

Three take-home messages


1. Deployed naively, embedding of RFID tags in consumer items can present a serious danger to privacy and security of consumers and enterprises alike in the future.
2. RFID is a technology with high promise. It would be unfortunate if security problems scotched it.
3. As technologists we must help to achieve a good balance of PRIVACY/SECURITY and UTILITY.